Business Interruption: The Unexpected Cost of a Cyber Incident

According to an Advisen cyber business interruption report, there was a 30% increase in cyber incidents leading to Business Interruption (BI) claims from 2016 to 2017. Based on Chubb’s claims data, this trend is likely the result of both a rise in large-scale ransomware and Distributed Denial of Service (DDoS) attacks, a trend that we anticipate will continue to climb.

While the concept of BI insurance has been around for more than 200 years in the property arena, it is a relatively new and rapidly evolving coverage concept in the cyber world. Typically, cyber BI insurance covers the insured’s net profit before taxes that would have been earned had there been no interruption in service as a result of a cyber event. BI losses typically include the costs associated with continuing to run the insured’s business, including payroll expenses, as well as the costs associated with reducing the impact of the income loss (generally referred to as extra expenses). As is typical in the property insurance world, some type of “proof of loss” is typically required by the carrier to quantify the losses claimed by the insured. In some instances, a forensic accountant may be called upon to perform a more thorough analysis to substantiate the total loss.

Time is an important element to keep in mind in the context of cyber BI, as most policies have a designated waiting period that must elapse before a recovery is possible. Typically, the clock begins to run at the earliest point when there is an interruption or degradation in service. A typical waiting period in a cyber policy is less than a day, and most fall between 6 and 24 hours. Additionally, income loss calculations can continue to accrue until the insured’s system is back to the same functionality and level of service that existed prior to the incident.

Another concept related to cyber BI claims is coverage for Contingent Business Interruption (CBI) losses. A cyber CBI loss occurs when an insured suffers lost income as a result of an interruption in service of a shared computer system. These shared computer systems can take on many forms, including cloud services, data storage and other processing functions. Many third party vendors attempt to limit their liability through a variety of contractual terms. In these instances, obtaining CBI coverage may be critical to protecting your business.

In order to mitigate the effects of a cyber loss that results in a BI claim, it is essential that insureds have a tested incident response plan that can be executed by their organization. Just like having a business continuity plan in case of a natural disaster, companies must be prepared for a cyber event, including keeping up-to-date backups of their data available and away from any potential threats. Additionally, the best way to guard against CBI losses is by thoroughly vetting your vendors, making sure they have adequate insurance coverage, and ensuring you have favorable indemnification language in your contracts with them.